A Tech's Tale of a Real Life Schemer: The Fake Microsoft Scam Running Amok on Us All

July 17 2015

ROFL, that was fun. A scammer called me. I scrambled to open my Windows 10 VMware to let him do his thing. First he told me he was from Microsoft and that my computer was reporting to MS that I had errors. I said, "Oh, no! What can we do!?" He said he could show me and then help me fix it. First, to prove he knew it was my computer, he had me open a command window and list file associations and claimed the following was a unique identifier for my computer:

zfsendtotarget=clsid 888dca60-fc0a-11cf-8f0f-00c04fd7d062

(More info on that here. It's just the entry for right click send to zip file.)

Then he had me open MSInfo. Look at all the errors!

[Image: mcw scammer call 1]

He claimed those were the messages Microsoft was getting. Oh, no, what do we do?!

He asked me to connect to him. I said, "Okay, I need this computer for work; I'll do anything." All throughout the call, he had me type WinKey+R to run things including going to the site below. Here's how he had me connect:

[Image: mcw scammer call 2]

Tight VNC--old school goodness!

I asked, if he was from Microsoft, why did we go to a non-Microsoft website? He said he was Microsoft Certified and moved on very quickly. Not wanting to tip my hand too much, I allowed it to continue. Having me connect with a VNC client, he showed me how he had control--although he stumbled with Windows 10 for a bit (that was funny).

"OMG these are wery bad wirus!" All of these errors are the infection they were getting reports about. Forget that there is no history other than today in the last three months or that they are all for after he called today--so how were they getting reports? It wasn't even ON!

[Image: mcw scammer call 3]

He went on to say it must not be running good. I said it seems perfectly fine. So he said it can't be and took me somewhere to show me all the services that were not running. Proving that it wasn't working at its best. OH NOES! These are stopped services...and it's bad. Really bad.

[Image: mcw scammer call 4]

He started to uncheck things, so I was done. I paused the VMware. I then asked him how often this scam works on people. He started to try to defend himself. I called him a slimy S.O.B. and wished him a good day and killed the VMware before he could break it. I should have let him continue, but the next step is to break the computer and get credit card info.

What I learned:

He was very confident and well versed in his scam. He also was able to get me to connect very easily when I played dumb with his instructions. He controlled the flow of the call 100% and used some good scare tactics to make me believe that there was something wrong with my computer. I can see how this works--a layperson would not know what the errors are or that the CLSID is on EVERY SINGLE WINDOWS COMPUTER EVER.

That was so fun and scary--take care out there!

To view the original article, visit the My Computer Works blog.